Class SecurityFilter

  • All Implemented Interfaces:
    javax.servlet.Filter

    public class SecurityFilter
    extends Object
    implements javax.servlet.Filter

    Simple filter implementation which delegates to a list of FilterRules, evaluating their SecurityFilterRule#setAuthorized(org.camunda.bpm.webapp.impl.security.filter.AppRequest) condition for the given request.

    This filter must be configured using an init-param in the web.xml file. The parameter must be named "configFile" and point to the configuration file located in the servlet context.
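
    A web.xml declaration of the kind described above, as an added example that is not part of the original Javadoc. The filter class's package is assumed to be the same one shown for AppRequest, and the config file path and the URL pattern are assumed values to adapt to the deployment.

```xml
<!-- Added example: registers SecurityFilter and points it at its rule file. -->
<filter>
  <filter-name>SecurityFilter</filter-name>
  <!-- Assumption: SecurityFilter lives in the same package as AppRequest. -->
  <filter-class>org.camunda.bpm.webapp.impl.security.filter.SecurityFilter</filter-class>
  <init-param>
    <!-- The parameter name must be exactly "configFile". -->
    <param-name>configFile</param-name>
    <!-- Assumed path, resolved inside the servlet context. Keeping the file
         under /WEB-INF/ means the container will not serve it to clients. -->
    <param-value>/WEB-INF/securityFilterRules.json</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>SecurityFilter</filter-name>
  <!-- Assumed mapping: every request is evaluated against the rules.
       A narrower pattern leaves the unmatched paths outside this filter. -->
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
</filter-mapping>
```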

    Author:
    Daniel Meyer, nico.rehwaldt
    • Constructor Detail

      • SecurityFilter

        public SecurityFilter()
    • Method Detail

      • doFilter

        public void doFilter(javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain chain)
                      throws IOException,
                             javax.servlet.ServletException
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        IOException
        javax.servlet.ServletException
      • doFilterSecure

        public void doFilterSecure(javax.servlet.http.HttpServletRequest request,
                                   javax.servlet.http.HttpServletResponse response,
                                   javax.servlet.FilterChain chain)
                            throws IOException,
                                   javax.servlet.ServletException
        Throws:
        IOException
        javax.servlet.ServletException
      • init

        public void init(javax.servlet.FilterConfig filterConfig)
                  throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Filter
        Throws:
        javax.servlet.ServletException
      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter
      • authorize

        public static Authorization authorize(String requestMethod,
                                              String requestUri,
                                              List<SecurityFilterRule> filterRules)
        Iterate over a number of filter rules and match them against the specified request.
        Parameters:
        request -
        filterRules -
        Returns:
        the joined AuthorizationStatus for this request matched against all filter rules
      • loadFilterRules

        protected void loadFilterRules(javax.servlet.FilterConfig filterConfig,
                                       String applicationPath)
                                throws javax.servlet.ServletException
        Throws:
        javax.servlet.ServletException
      • sendForbidden

        protected void sendForbidden(javax.servlet.http.HttpServletRequest request,
                                     javax.servlet.http.HttpServletResponse response)
                              throws IOException
        Throws:
        IOException
      • sendUnauthorized

        protected void sendUnauthorized(javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response)
                                 throws IOException
        Throws:
        IOException
      • sendForbiddenApplicationAccess

        protected void sendForbiddenApplicationAccess(String application,
                                                      javax.servlet.http.HttpServletRequest request,
                                                      javax.servlet.http.HttpServletResponse response)
                                               throws IOException
        Throws:
        IOException
      • isAuthenticated

        protected boolean isAuthenticated(javax.servlet.http.HttpServletRequest request)
      • getRequestUri

        protected String getRequestUri(javax.servlet.http.HttpServletRequest request)